CVE-2020-12723
Summary
| CVE | CVE-2020-12723 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2020-06-05 15:15:00 UTC |
|---|
| Updated | 2023-11-07 03:15:00 UTC |
|---|
| Description | regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| June 2020 Perl Vulnerabilities in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
Third Party Advisory |
| Oracle Critical Patch Update Advisory - April 2022 |
MISC |
www.oracle.com |
|
| study_chunk recursion · Issue #17743 · Perl/perl5 · GitHub |
MISC |
github.com |
Third Party Advisory |
| [SECURITY] Fedora 31 Update: perl-5.30.3-452.fc31 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
Mailing List, Third Party Advisory |
| [security-announce] openSUSE-SU-2020:0850-1: important: Security update |
SUSE |
lists.opensuse.org |
Mailing List, Third Party Advisory |
| Oracle Critical Patch Update Advisory - October 2020 |
MISC |
www.oracle.com |
Third Party Advisory |
| Oracle Critical Patch Update Advisory - July 2021 |
N/A |
www.oracle.com |
|
| Oracle Critical Patch Update Advisory - October 2021 |
MISC |
www.oracle.com |
|
| Segfault in S_study_chunk (regcomp.c:4870) · Issue #16947 · Perl/perl5 · GitHub |
MISC |
github.com |
Third Party Advisory |
| perl5/perl5303delta.pod at blead · Perl/perl5 · GitHub |
CONFIRM |
github.com |
Third Party Advisory |
| Perl: Multiple vulnerabilities (GLSA 202006-03) — Gentoo security |
GENTOO |
security.gentoo.org |
Third Party Advisory |
| Oracle Critical Patch Update Advisory - January 2022 |
MISC |
www.oracle.com |
|
| [SECURITY] Fedora 31 Update: perl-5.30.3-452.fc31 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| study_chunk: avoid mutating regexp program within GOSUB · Perl/perl5@66bbb51 · GitHub |
CONFIRM |
github.com |
Patch, Third Party Advisory |
| Comparing v5.30.2...v5.30.3 · Perl/perl5 · GitHub |
CONFIRM |
github.com |
Patch, Third Party Advisory |
| Oracle Critical Patch Update Advisory - April 2021 |
MISC |
www.oracle.com |
|
| Oracle Critical Patch Update Advisory - January 2021 |
MISC |
www.oracle.com |
Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159183 Oracle Enterprise Linux Security Update for perl (ELSA-2021-9238)
- 20286 Oracle Database 19c OJVM Critical Patch Update - January 2021
- 20301 Oracle Database 18c OJVM Critical Patch Update - January 2021
- 20312 Oracle Database 12.2.0.1 Critical OJVM Patch Update - January 2021
- 239170 Red Hat Update for perl (RHSA-2021:0883)
- 239179 Red Hat Update for perl (RHSA-2021:1032)
- 239423 Red Hat Update for perl (RHSA-2021:2184)
- 377427 Alibaba Cloud Linux Security Update for perl (ALINUX2-SA-2021:0004)
- 377575 Alibaba Cloud Linux Security Update for perl (ALINUX3-SA-2021:0012)
- 500526 Alpine Linux Security Update for perl
- 504287 Alpine Linux Security Update for perl
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 730228 McAfee Web Gateway Multiple Vulnerabilities (WP-3445, WP-3483, WP-3527, WP-3528, WP-3547, WP-3584,WP-3589,WP-3611)
- 940101 AlmaLinux Security Update for perl (ALSA-2021:0557)
